diff --git a/k8s/core/prometheus/app.yaml b/k8s/core/prometheus/app.yaml
new file mode 100644
index 0000000..382c436
--- /dev/null
+++ b/k8s/core/prometheus/app.yaml
@@ -0,0 +1,21 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: prom-stack
+ namespace: prometheus
+spec:
+ project: core
+ destination:
+ namespace: prometheus
+ server: https://kubernetes.default.svc
+ source:
+ repoURL: ssh://git@gt.hexor.cy:30022/ab/homelab.git
+ targetRevision: HEAD
+ path: k8s/core/prometheus
+ syncPolicy:
+ automated:
+ selfHeal: true
+ prune: true
+ syncOptions:
+ - CreateNamespace=true
+
diff --git a/k8s/core/prometheus/external-secrets.yaml b/k8s/core/prometheus/external-secrets.yaml
new file mode 100644
index 0000000..abd4b8e
--- /dev/null
+++ b/k8s/core/prometheus/external-secrets.yaml
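Review bot: `metadata.namespace: prometheus` on the Application will most likely leave it unreconciled, because Argo CD by default only watches Application objects in its own control-plane namespace; either place it there or confirm that the `application.namespaces` setting (apps-in-any-namespace) includes `prometheus`. `targetRevision: HEAD` together with `automated.prune` and `selfHeal` means every push to the default branch is deployed and anything missing from the tree is deleted, so pinning to an explicit branch or tag would make rollouts predictable and reviewable. Note also that kustomization.yaml lists app.yaml under its own `resources`, so this Application manages its own definition; that works, but a bad change to this file is then applied by the very object it breaks.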
@@ -0,0 +1,67 @@
+---
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: grafana-admin
+ namespace: prometheus
+spec:
+ target:
+ name: grafana-admin
+ deletionPolicy: Delete
+ template:
+ type: Opaque
+ data:
+ GF_SERVER_ROOT_URL: https://gf.hexor.cy
+ GF_DATABASE_USER: grafana
+ password: |-
+ {{ .password }}
+ username: |-
+ {{ .username }}
+ GF_AUTH_GENERIC_OAUTH_CLIENT_ID: |-
+ {{ .client_id }}
+ GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET: |-
+ {{ .client_secret }}
+ GF_DATABASE_PASSWORD: |-
+ {{ .psql_user }}
+ data:
+ - secretKey: password
+ sourceRef:
+ storeRef:
+ name: vaultwarden-login
+ kind: ClusterSecretStore
+ remoteRef:
+ key: 6a03357b-616e-4973-897a-93ccd675ddcb
+ property: login.password
+ - secretKey: username
+ sourceRef:
+ storeRef:
+ name: vaultwarden-login
+ kind: ClusterSecretStore
+ remoteRef:
+ key: 6a03357b-616e-4973-897a-93ccd675ddcb
+ property: login.username
+ - secretKey: client_id
+ sourceRef:
+ storeRef:
+ name: vaultwarden-login
+ kind: ClusterSecretStore
+ remoteRef:
+ key: 6a03357b-616e-4973-897a-93ccd675ddcb
+ property: fields[0].value
+ - secretKey: client_secret
+ sourceRef:
+ storeRef:
+ name: vaultwarden-login
+ kind: ClusterSecretStore
+ remoteRef:
+ key: 6a03357b-616e-4973-897a-93ccd675ddcb
+ property: fields[1].value
+ - secretKey: psql_user
+ sourceRef:
+ storeRef:
+ name: vaultwarden-login
+ kind: ClusterSecretStore
+ remoteRef:
+ key: 2a9deb39-ef22-433e-a1be-df1555625e22
+ property: fields[2].value
+
diff --git a/k8s/core/prometheus/grafana-values.yaml b/k8s/core/prometheus/grafana-values.yaml
new file mode 100644
index 0000000..6db05a3
--- /dev/null
+++ b/k8s/core/prometheus/grafana-values.yaml
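Review bot: The `remoteRef.property` values `fields[0].value`, `fields[1].value` and `fields[2].value` are positional, so reordering the custom fields on the Vaultwarden item silently swaps the OAuth client id, the client secret and the database password without any sync error; if the `vaultwarden-login` store supports lookup by field name, prefer that, otherwise put a comment above each entry naming the expected field, e.g. `# fields[1] on the authentik item = OAuth client secret`. The secretKey `psql_user` feeds `GF_DATABASE_PASSWORD`, which misleads the reader; renaming it to `psql_password` in both the template and the `data` list would match what it holds. Because grafana-values.yaml loads this Secret through `envFromSecret`, the plain `username` and `password` keys also become environment variables in the Grafana container; either keep the admin credentials in a separate Secret for `admin.existingSecret`, or note that they are visible in the environment of every process in the pod.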
@@ -0,0 +1,54 @@
+envFromSecret: grafana-admin
+nodeSelector:
+ kubernetes.io/hostname: master.tail2fe2d.ts.net
+
+admin:
+ existingSecret: grafana-admin
+ userKey: username
+ passwordKey: password
+
+grafana.ini:
+ auth:
+ signout_redirect_url: https://idm.hexor.cy/application/o/grafana/end-session/
+ oauth_auto_login: true
+ auth.generic_oauth:
+ name: authentik
+ enabled: true
+ scopes: "openid profile email"
+ auth_url: https://idm.hexor.cy/application/o/authorize/
+ token_url: https://idm.hexor.cy/application/o/token/
+ api_url: https://idm.hexor.cy/application/o/userinfo/
+ role_attribute_path: >-
+ contains(groups, 'Grafana Admin') && 'Admin' ||
+ contains(groups, 'Grafana Editors') && 'Editor' ||
+ contains(groups, 'Grafana Viewer') && 'Viewer'
+ database:
+ type: postgres
+ host: psql.psql.svc:5432
+ name: grafana
+ user: grafana
+ ssl_mode: disable
+
+datasources:
+ datasources.yaml:
+ apiVersion: 1
+ datasources:
+ - name: Prometheus Local
+ type: prometheus
+ url: http://prometheus-kube-prometheus-prometheus.prometheus.svc:9090
+ access: proxy
+ isDefault: true
+
+ingress:
+ enabled: true
+ ingressClassName: traefik
+ annotations:
+ cert-manager.io/cluster-issuer: letsencrypt
+ traefik.ingress.kubernetes.io/router.middlewares: kube-system-https-redirect@kubernetescrd
+ hosts:
+ - gf.hexor.cy
+ tls:
+ - secretName: grafana-tls
+ hosts:
+ - '*.hexor.cy'
+
diff --git a/k8s/core/prometheus/kustomization.yaml b/k8s/core/prometheus/kustomization.yaml
new file mode 100644
index 0000000..b411261
--- /dev/null
+++ b/k8s/core/prometheus/kustomization.yaml
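Review bot: `ssl_mode: disable` under `grafana.ini.database` sends the Postgres password and all Grafana state in cleartext to `psql.psql.svc:5432`; if the Postgres deployment offers TLS, set `ssl_mode: require` (or `verify-full` with a CA), otherwise record in a comment why cleartext is accepted on this path. The `role_attribute_path` expression has no fallback branch, and Grafana maps an empty JMESPath result to Viewer, so any authentik user outside the three groups can still log in; add `role_attribute_strict: true` next to it if membership in one of those groups is meant to be required. The TLS block requests a `'*.hexor.cy'` wildcard from the `letsencrypt` cluster issuer, which only works with a DNS-01 solver — presumably that is how the issuer is configured, but it differs from the single `gf.hexor.cy` host listed above, so a one-line comment explaining the wildcard would help the next reader.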
@@ -0,0 +1,25 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+ - app.yaml
+ - persistentVolume.yaml
+ - external-secrets.yaml
+
+helmCharts:
+ - name: prometheus
+ repo: https://prometheus-community.github.io/helm-charts
+ version: 70.4.2
+ releaseName: kube-prometheus-stack
+ namespace: prometheus
+ valuesFile: prom-values.yaml
+ includeCRDs: true
+
+ - name: grafana
+ repo: https://grafana.github.io/helm-charts
+ version: 8.11.4
+ releaseName: grafana
+ namespace: prometheus
+ valuesFile: grafana-values.yaml
+ includeCRDs: true
+
diff --git a/k8s/core/prometheus/persistentVolume.yaml b/k8s/core/prometheus/persistentVolume.yaml
new file mode 100644
index 0000000..7903fa6
--- /dev/null
+++ b/k8s/core/prometheus/persistentVolume.yaml
@@ -0,0 +1,13 @@
+---
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+ name: prometheus-pv
+ namespace: prometheus
+spec:
+ capacity:
+ storage: 200Gi
+ accessModes:
+ - ReadWriteOnce
+ hostPath:
+ path: /k8s/prom/tsdb-storage
diff --git a/k8s/core/prometheus/prom-values.yaml b/k8s/core/prometheus/prom-values.yaml
new file mode 100644
index 0000000..25a1c51
--- /dev/null
+++ b/k8s/core/prometheus/prom-values.yaml
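Review bot: `name: prometheus` together with `version: 70.4.2` looks inconsistent: a 70.x version belongs to the kube-prometheus-stack chart, and prom-values.yaml uses kube-prometheus-stack keys (`grafana.enabled`, `prometheus.prometheusSpec`), so the first entry should presumably read `name: kube-prometheus-stack` — the plain `prometheus` chart has no release at that version and the build would fail to fetch it. Relatedly, the Grafana datasource URL `prometheus-kube-prometheus-prometheus.prometheus.svc` is the service name that chart generates for a release named `prometheus`, whereas `releaseName: kube-prometheus-stack` here yields `kube-prometheus-stack-prometheus`; one of the two must change or the default datasource will not resolve. `helmCharts` also requires `--enable-helm` on the kustomize build, so the Argo CD instance needs `kustomize.buildOptions: --enable-helm` in argocd-cm, or the Application in app.yaml will fail to render.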
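Review bot: `metadata.namespace: prometheus` on the PersistentVolume has no effect because PVs are cluster-scoped; drop the line to avoid the apply-time warning and the false impression that the volume is namespaced. A `hostPath` PV without `spec.nodeAffinity` is not tied to the node holding `/k8s/prom/tsdb-storage` — only the `nodeSelector` in prom-values.yaml keeps Prometheus on `master.tail2fe2d.ts.net`, so a later change to that selector could silently start an empty TSDB on another node; adding a `nodeAffinity` for that hostname makes the constraint explicit on the volume itself. `persistentVolumeReclaimPolicy` is unset and therefore defaults to `Retain` for a manually created PV, which is the right choice for this data; stating `persistentVolumeReclaimPolicy: Retain` documents the intent.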
@@ -0,0 +1,36 @@
+grafana:
+ enabled: false
+prometheus:
+ prometheusSpec:
+ enableRemoteWriteReceiver: true
+ additionalScrapeConfigs:
+ - job_name: outline_vpn
+ static_configs:
+ - targets: ['100.117.24.104:9095']
+ labels: {instance: cy}
+ - targets: ['100.117.24.104:9096']
+ labels: {instance: am}
+ - targets: ['100.117.24.104:9097']
+ labels: {instance: jp}
+ - targets: ['100.117.24.104:9098']
+ labels: {instance: bg}
+ - targets: ['100.117.24.104:9099']
+ labels: {instance: fi}
+
+ - job_name: term_humid_sensors
+ static_configs:
+ - targets: ['100.117.24.104:7536']
+
+ retention: "99999d"
+ retentionSize: "0"
+ nodeSelector:
+ kubernetes.io/hostname: master.tail2fe2d.ts.net
+ storageSpec:
+ volumeClaimTemplate:
+ spec:
+ storageClassName: ""
+ accessModes: ["ReadWriteOnce"]
+ resources:
+ requests:
+ storage: 200Gi
+
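Review bot: `retention: "99999d"` together with `retentionSize: "0"` disables both time- and size-based retention, so the TSDB grows until the 200Gi hostPath volume is full and Prometheus stops ingesting; if the intent is to keep data indefinitely, set `retentionSize` to a value comfortably below the volume size (the limit is not hard, Prometheus can briefly exceed it during compaction), e.g. `retentionSize: "170GB"`. `enableRemoteWriteReceiver: true` opens `/api/v1/write` on the Prometheus service with no authentication, so any workload that can reach port 9090 in-cluster can inject arbitrary series; restrict it with a NetworkPolicy to the intended remote-write clients, or confirm nothing else can reach the service. The `labels: {instance: cy}` flow mappings are a style deviation from the block style used in the rest of the file, and block form would be easier to extend with further labels.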